Platform
other
Component
vul_db
Fixed in
221110.0.1
CVE-2026-4544 describes a cross-site scripting (XSS) vulnerability affecting the Wavlink WL-WN578W2 router, specifically version 221110. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerability resides within the /cgi-bin/login.cgi component and is triggered by manipulating the homepage/hostname/login_page argument. The vendor has not responded to early disclosure attempts.
Successful exploitation of CVE-2026-4544 allows an attacker to inject arbitrary JavaScript code into the web interface of the Wavlink WL-WN578W2 router. This can be leveraged to steal user cookies, redirect users to malicious websites, or even deface the router's login page. Given the router's role as a gateway to a home or small business network, a compromised router could serve as a launching point for further attacks against internal systems. The ability to execute code remotely significantly increases the potential impact, as attackers do not need physical access to the device.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The lack of vendor response raises concerns about the device's overall security posture. No KEV listing or EPSS score is currently available. Public proof-of-concept exploits are likely to emerge, given the ease of exploitation and public disclosure.
Exploit Status
EPSS
0.04% (11% percentile)
CISA SSVC
CVSS Vector
Due to the vendor's lack of response, direct patching is unavailable. As a workaround, implement strict input validation on the homepage/hostname/login_page parameter within the /cgi-bin/login.cgi script, if possible. Consider using a Web Application Firewall (WAF) to filter out malicious requests containing suspicious JavaScript code. Regularly monitor router logs for unusual activity, particularly requests targeting /cgi-bin/login.cgi with unusual parameters. After implementing these mitigations, verify their effectiveness by attempting to inject a simple JavaScript payload and confirming it is blocked.
Actualizar el firmware del dispositivo Wavlink WL-WN578W2 a una versión que corrija la vulnerabilidad de Cross-Site Scripting (XSS). Dado que el proveedor no ha respondido, se recomienda buscar actualizaciones de firmware no oficiales o considerar la sustitución del dispositivo por uno más seguro.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-4544 is a cross-site scripting vulnerability in the Wavlink WL-WN578W2 router version 221110, allowing attackers to inject malicious scripts via the /cgi-bin/login.cgi component.
If you are using the Wavlink WL-WN578W2 router version 221110, you are potentially affected by this vulnerability. Consider implementing workarounds until a patch is available.
Unfortunately, a direct patch is unavailable. Implement workarounds like input validation, WAF rules, and log monitoring as described in the mitigation section.
The vulnerability has been publicly disclosed, increasing the risk of exploitation. Active exploitation is possible, though not yet confirmed.
The vendor has not released an official advisory. Monitor security news sources for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.